Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/458090?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/458090?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.3.0-r0?arch=x86&distroversion=v3.16&reponame=community", "type": "apk", "namespace": "alpine", "name": "firefox-esr", "version": "68.3.0-r0", "qualifiers": { "arch": "x86", "distroversion": "v3.16", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "68.4.1-r0", "latest_non_vulnerable_version": "91.12.0-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1596?format=api", "vulnerability_id": "VCID-3819-3qjj-zuh4", "summary": "When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17008.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17008.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75519", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75485", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75513", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75517", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75507", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75494", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779431", "reference_id": "1779431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779431" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://security.gentoo.org/glsa/202003-02", "reference_id": "GLSA-202003-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-02" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4107", "reference_id": "RHSA-2019:4107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4108", "reference_id": "RHSA-2019:4108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4111", "reference_id": "RHSA-2019:4111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4148", "reference_id": "RHSA-2019:4148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4195", "reference_id": "RHSA-2019:4195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4205", "reference_id": "RHSA-2019:4205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0292", "reference_id": "RHSA-2020:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0295", "reference_id": "RHSA-2020:0295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0295" }, { "reference_url": "https://usn.ubuntu.com/4216-1/", "reference_id": "USN-4216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-1/" }, { "reference_url": "https://usn.ubuntu.com/4216-2/", "reference_id": "USN-4216-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-2/" }, { "reference_url": "https://usn.ubuntu.com/4241-1/", "reference_id": "USN-4241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/458090?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.3.0-r0?arch=x86&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.3.0-r0%3Farch=x86&distroversion=v3.16&reponame=community" } ], "aliases": [ "CVE-2019-17008" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3819-3qjj-zuh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1604?format=api", "vulnerability_id": "VCID-7xpb-r1ud-bfe9", "summary": "Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17012.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.8338", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.83352", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.83376", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.83378", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.83374", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0185", "scoring_system": "epss", "scoring_elements": "0.83367", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779437", "reference_id": "1779437", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779437" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://security.gentoo.org/glsa/202003-02", "reference_id": "GLSA-202003-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-02" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4107", "reference_id": "RHSA-2019:4107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4108", "reference_id": "RHSA-2019:4108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4111", "reference_id": "RHSA-2019:4111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4148", "reference_id": "RHSA-2019:4148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4195", "reference_id": "RHSA-2019:4195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4205", "reference_id": "RHSA-2019:4205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0292", "reference_id": "RHSA-2020:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0295", "reference_id": "RHSA-2020:0295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0295" }, { "reference_url": "https://usn.ubuntu.com/4216-1/", "reference_id": "USN-4216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-1/" }, { "reference_url": "https://usn.ubuntu.com/4216-2/", "reference_id": "USN-4216-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-2/" }, { "reference_url": "https://usn.ubuntu.com/4241-1/", "reference_id": "USN-4241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/458090?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.3.0-r0?arch=x86&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.3.0-r0%3Farch=x86&distroversion=v3.16&reponame=community" } ], "aliases": [ "CVE-2019-17012" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xpb-r1ud-bfe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1601?format=api", "vulnerability_id": "VCID-b3cr-fa8q-m7bw", "summary": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17010.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17010.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78789", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78759", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78785", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78792", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78782", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78771", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779434", "reference_id": "1779434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779434" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://security.gentoo.org/glsa/202003-02", "reference_id": "GLSA-202003-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-02" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4107", "reference_id": "RHSA-2019:4107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4108", "reference_id": "RHSA-2019:4108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4111", "reference_id": "RHSA-2019:4111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4148", "reference_id": "RHSA-2019:4148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4195", "reference_id": "RHSA-2019:4195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4205", "reference_id": "RHSA-2019:4205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0292", "reference_id": "RHSA-2020:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0295", "reference_id": "RHSA-2020:0295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0295" }, { "reference_url": "https://usn.ubuntu.com/4216-1/", "reference_id": "USN-4216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-1/" }, { "reference_url": "https://usn.ubuntu.com/4216-2/", "reference_id": "USN-4216-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-2/" }, { "reference_url": "https://usn.ubuntu.com/4241-1/", "reference_id": "USN-4241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/458090?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.3.0-r0?arch=x86&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.3.0-r0%3Farch=x86&distroversion=v3.16&reponame=community" } ], "aliases": [ "CVE-2019-17010" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3cr-fa8q-m7bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1603?format=api", "vulnerability_id": "VCID-bpz1-86sf-5ygu", "summary": "Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17011.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17011.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78789", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78759", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78785", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78792", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78782", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01141", "scoring_system": "epss", "scoring_elements": "0.78771", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779436", "reference_id": "1779436", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779436" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://security.gentoo.org/glsa/202003-02", "reference_id": "GLSA-202003-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-02" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4107", "reference_id": "RHSA-2019:4107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4108", "reference_id": "RHSA-2019:4108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4111", "reference_id": "RHSA-2019:4111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4148", "reference_id": "RHSA-2019:4148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4195", "reference_id": "RHSA-2019:4195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4205", "reference_id": "RHSA-2019:4205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0292", "reference_id": "RHSA-2020:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0295", "reference_id": "RHSA-2020:0295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0295" }, { "reference_url": "https://usn.ubuntu.com/4216-1/", "reference_id": "USN-4216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-1/" }, { "reference_url": "https://usn.ubuntu.com/4216-2/", "reference_id": "USN-4216-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-2/" }, { "reference_url": "https://usn.ubuntu.com/4241-1/", "reference_id": "USN-4241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/458090?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.3.0-r0?arch=x86&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.3.0-r0%3Farch=x86&distroversion=v3.16&reponame=community" } ], "aliases": [ "CVE-2019-17011" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bpz1-86sf-5ygu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1602?format=api", "vulnerability_id": "VCID-d82e-qy3k-uuaa", "summary": "The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.85564", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.85541", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.85563", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.85568", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.85565", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02469", "scoring_system": "epss", "scoring_elements": "0.8555", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779435", "reference_id": "1779435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779435" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://security.gentoo.org/glsa/202003-02", "reference_id": "GLSA-202003-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-02" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4107", "reference_id": "RHSA-2019:4107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4108", "reference_id": "RHSA-2019:4108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4111", "reference_id": "RHSA-2019:4111", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4148", "reference_id": "RHSA-2019:4148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4195", "reference_id": "RHSA-2019:4195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4205", "reference_id": "RHSA-2019:4205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0292", "reference_id": "RHSA-2020:0292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0295", "reference_id": "RHSA-2020:0295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0295" }, { "reference_url": "https://usn.ubuntu.com/4216-1/", "reference_id": "USN-4216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-1/" }, { "reference_url": "https://usn.ubuntu.com/4216-2/", "reference_id": "USN-4216-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-2/" }, { "reference_url": "https://usn.ubuntu.com/4241-1/", "reference_id": "USN-4241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/458090?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.3.0-r0?arch=x86&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.3.0-r0%3Farch=x86&distroversion=v3.16&reponame=community" } ], "aliases": [ "CVE-2019-17005" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d82e-qy3k-uuaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1600?format=api", "vulnerability_id": "VCID-esk6-m4j8-3yf9", "summary": "When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3322", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.332", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33255", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33153", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3327", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33233", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17009" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779433", "reference_id": "1779433", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779433" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/458090?format=api", "purl": "pkg:apk/alpine/firefox-esr@68.3.0-r0?arch=x86&distroversion=v3.16&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.3.0-r0%3Farch=x86&distroversion=v3.16&reponame=community" } ], "aliases": [ "CVE-2019-17009" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esk6-m4j8-3yf9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@68.3.0-r0%3Farch=x86&distroversion=v3.16&reponame=community" }